US9390267B2ActiveUtilityA1

Systems and methods involving features of hardware virtualization, hypervisor, pages of interest, and/or other features

93
Assignee: LYNX SOFTWARE TECHNOLOGIES INCPriority: May 15, 2014Filed: May 15, 2015Granted: Jul 12, 2016
Est. expiryMay 15, 2034(~7.8 yrs left)· nominal 20-yr term from priority
G06F 2009/45587G06F 9/455G06F 2009/45583G06F 21/50G06F 21/57G06F 9/50G06F 9/45545G06F 9/45558G06F 11/3644G06F 21/563G06F 2221/034G06F 21/86G06F 21/53G06F 2009/4557G06F 21/577G06F 21/56
93
PatentIndex Score
15
Cited by
56
References
90
Claims

Abstract

Systems, methods, computer readable media and articles of manufacture consistent with innovations herein are directed to computer virtualization, computer security and/or memory access. According to some illustrative implementations, innovations herein may utilize and/or involve a separation kernel hypervisor which may include the use of a guest operating system virtual machine protection domain, a virtualization assistance layer, and/or a detection mechanism (which may be proximate in temporal and/or spatial locality to malicious code, but isolated from it), inter alia, for detection and/or notification of, and action by a monitoring guest upon access by a monitored guest to predetermined physical memory locations.

Claims

exact text as granted — not AI-modified
The invention claimed is: 
     
       1. A method for processing information securely, the method comprising:
 partitioning hardware platform resources via a separation kernel hypervisor into a plurality of guest operating system virtual machine protection domains; 
 providing a dedicated virtualization assistance layer (dedicated VAL) including a virtual representation of the hardware platform that is a virtual machine in each of the guest operating system virtual machine protection domains such that the dedicated VAL security processing is not performed in the separation kernel hypervisor; 
 processing the virtual machine via another guest; 
 hosting at least one detection mechanism that executes within the virtual hardware platform in each of the plurality of guest operating system virtual machine protection domains via the separation kernel hypervisor; 
 upon detection of suspect behavior, securely transition execution to the detection mechanism within the dedicated VAL in a manner isolated from the guest operating system; 
 securely determining, via the detection mechanism, a policy decision regarding the suspect behavior, wherein the securely determining comprises:
 analyzing of the guest operating system and the guest operating system resources' behavior; and 
 processing unmapped page exceptions taken by the guest operating system based on the unmapped pages; and 
 
 transitioning execution back to the separation kernel hypervisor to continue processing regarding enforcement of or taking action in connection with the policy decision; 
 the method further comprising one or more of:
 hosting an unmapping mechanism to unmap specified pages on demand from the another guest; 
 receiving, via the unmapping mechanism, the demand to unmap the specified pages; and 
 unmapping, via the unmapping mechanism, the specified pages. 
 
 
     
     
       2. The method of  claim 1  further comprising one or more of:
 hosting a mechanism to unmap specified pages on demand from the another guest; 
 processing an unmapped page exception taken by the virtual machine; 
 pausing an execution of the virtual machine; 
 injecting a page-not-found exception into the virtual machine; and 
 sending a notification of memory access and associated context information to a requesting guest, wherein the virtual machine comprises a virtual motherboard including a virtual CPU and memory by the VAL. 
 
     
     
       3. The method of  claim 1 , further comprising:
 hosting a remapping mechanism to remap unmapped pages; 
 upon securely determining, via the detection mechanism, the policy decision, transitioning execution to the remapping mechanism; 
 remapping, via the remapping mechanism, the unmapped pages as inaccessible; and 
 transitioning, via the remapping mechanism, execution to the detection mechanism. 
 
     
     
       4. The method of  claim 1 , further comprising:
 isolating the domains in time and space from each other. 
 
     
     
       5. The method of  claim 1  further comprising one or more of:
 hosting the at least one detection mechanism, each which may be different from each other, that executes within one or more of the plurality of guest operating system virtual machine protection domains via the separation kernel hypervisor; 
 implementing at least one routine and/or component to prohibit the guest operating system virtual machine protection domains from tampering with, corrupting, and/or bypassing the at least one detection mechanism; and/or 
 executing the at least one detection mechanism while preventing interference, bypassing, corrupting and/or tampering by the plurality of guest operating system virtual machine protection domains; 
 hosting a mechanism to process a page of the virtual machine of a first guest by a second guest; and 
 sending a notification associated with the virtual machine of the first guest to the second guest. 
 
     
     
       6. The method of  claim 5  further comprising:
 hosting an unmapping mechanism to unmap a page of interest; and 
 unmapping, via the unmapping mechanism, the page of interest. 
 
     
     
       7. The method of  claim 6  further comprising:
 hosting a remapping mechanism to remap unmapped pages; 
 transitioning execution to the remapping mechanism; 
 remapping, via the remapping mechanism, the unmapped pages as inaccessible; and 
 transitioning, via the remapping mechanism; execution to the detection mechanism. 
 
     
     
       8. The method of  claim 1 , further comprising:
 implementing a separation kernel hypervisor that ensures isolation of multiple guest operating systems, each guest operating system in its own virtual machine. 
 
     
     
       9. The method of  claim 1 , further comprising:
 implementing a separation kernel hypervisor that implements a mechanism whereby a suitably authorized guest can send a list of memory locations to be watched to another guest. 
 
     
     
       10. The method of  claim 1 , further comprising:
 implementing a separation kernel hypervisor that implements a mechanism whereby a suitably authorized guest can send a message to another guest. 
 
     
     
       11. The method of  claim 1  further comprising:
 implementing the dedicated VAL via software that runs within the same protection domain as the guest virtual machine but is not directly accessible by the guest. 
 
     
     
       12. The method of  claim 1 , further comprising:
 implementing the dedicated VAL such that the dedicated VAL implements a virtual motherboard containing a virtual CPU and memory. 
 
     
     
       13. The method of  claim 1  further comprising:
 implementing the dedicated VAL such that the dedicated VAL implements a mechanism to unmap specified pages on demand from another guest. 
 
     
     
       14. The method of  claim 1 , further comprising:
 implementing the dedicated VAL such that the dedicated VAL processes unmapped page exceptions taken by its associated guest virtual machine. 
 
     
     
       15. The method of  claim 1 , further comprising:
 implementing the dedicated VAL such that the dedicated VAL is configured to pause the execution of its associated guest virtual machine. 
 
     
     
       16. The method of  claim 1 , further comprising:
 implementing the dedicated VAL such that the dedicated VAL is configured to inject a page-not-found exception into its associated guest virtual machine. 
 
     
     
       17. The method of  claim 1 , further comprising:
 implementing the dedicated VAL such that the dedicated VAL is configured to send a notification of the memory access and associated context information to the requesting guest. 
 
     
     
       18. The method of  claim 1  further comprising one or more of:
 hosting a mechanism to unmap specified pages on demand from another guest; processing an unmapped page exception taken by the virtual machine; 
 mapping the previously unmapped page; 
 sending a notification of memory access and associated context information to a requesting guest, wherein the virtual machine comprises a virtual motherboard including a virtual CPU and memory by the VAL; 
 allowing the virtual machine to execute a single instruction; 
 returning control to the VAL; 
 mapping the page as non-existent again; and/or 
 returning control to the virtual machine. 
 
     
     
       19. The method of  claim 18  further comprising:
 configuring a memory management unit such that software in the virtual machine cannot undo the mapping. 
 
     
     
       20. The method of  claim 19  wherein the mapping that cannot be undone comprises remapping or unmapping. 
     
     
       21. The method of  claim 19  wherein the mapping that cannot be undone comprises remapping and unmapping. 
     
     
       22. The method of  claim 1  further comprising:
 hosting a mechanism to unmap specified pages on demand from the another guest; 
 processing an unmapped page exception taken by the virtual machine; 
 pausing an execution of the virtual machine; 
 injecting a page-not-found exception into the virtual machine; and 
 sending a notification of memory access and associated context information to a requesting guest, wherein the virtual machine comprises a virtual motherboard including a virtual CPU and memory by the VAL. 
 
     
     
       23. The method of  claim 1  further comprising:
 hosting the at least one detection mechanism, each which may be different from each other, that executes within one or more of the plurality of guest operating system virtual machine protection domains via the separation kernel hypervisor; and 
 implementing at least one routine and/or component to prohibit the guest operating system virtual machine protection domains from tampering with, corrupting, and/or bypassing the at least one detection mechanism. 
 
     
     
       24. The method of  claim 1  further comprising:
 hosting the at least one detection mechanism, each which may be different from each other, that executes within one or more of the plurality of guest operating system virtual machine protection domains via the separation kernel hypervisor; and 
 executing the at least one detection mechanism while preventing interference, bypassing, corrupting and/or tampering by the plurality of guest operating system virtual machine protection domains. 
 
     
     
       25. The method of  claim 1  further comprising:
 hosting an unmapping mechanism to unmap a page of interest; and 
 unmapping, via the unmapping mechanism, the page of interest. 
 
     
     
       26. The method of  claim 25  further comprising:
 hosting a remapping mechanism to remap unmapped pages; 
 transitioning execution to the remapping mechanism; 
 remapping, via the remapping mechanism, the unmapped pages as inaccessible; and 
 transitioning, via the remapping mechanism; execution to the detection mechanism. 
 
     
     
       27. The method of  claim 1  further comprising:
 hosting a mechanism to unmap specified pages on demand from another guest; processing an unmapped page exception taken by the virtual machine; 
 mapping the previously unmapped page; 
 sending a notification of memory access and associated context information to a requesting guest, wherein the virtual machine comprises a virtual motherboard including a virtual CPU and memory by the VAL; 
 allowing the virtual machine to execute a single instruction; 
 returning control to the VAL; 
 mapping the page as non-existent again; and 
 returning control to the virtual machine. 
 
     
     
       28. The method of  claim 27  further comprising:
 configuring a memory management unit such that software in the virtual machine cannot undo the mapping. 
 
     
     
       29. The method of  claim 28  wherein the mapping that cannot be undone comprises remapping or unmapping. 
     
     
       30. The method of  claim 28  wherein the mapping that cannot be undone comprises remapping and unmapping. 
     
     
       31. A method for processing information securely, the method comprising:
 partitioning hardware platform resources via a separation kernel hypervisor into a plurality of guest operating system virtual machine protection domains; 
 isolating the domains in time and space from each other; 
 providing a list of memory locations of an authorized guest to another guest; 
 providing a message of the authorized guest to the another guest; 
 providing a virtualization assistance layer (VAL) including a virtual representation of the hardware platform in each of the guest operating system virtual machine protection domains such that the VAL is not directly accessible by the authorized guest, wherein the virtual representation of the hardware platform is a virtual machine comprising a virtual motherboard including a virtual CPU and memory by the VAL; 
 hosting a mechanism to unmap specified pages on demand from the another guest; 
 processing an unmapped page exception taken by the virtual machine; 
 pausing an execution of the virtual machine; 
 injecting a page-not-found exception into the virtual machine; and 
 sending a notification of memory access and associated context information to a requesting guest. 
 
     
     
       32. The method of  claim 31  further comprising one or more of:
 hosting a mechanism to unmap specified pages on demand from the another guest; 
 processing an unmapped page exception taken by the virtual machine; 
 pausing an execution of the virtual machine; 
 injecting a page-not-found exception into the virtual machine; and 
 sending a notification of memory access and associated context information to a requesting guest, wherein the virtual machine comprises a virtual motherboard including a virtual CPU and memory by the VAL. 
 
     
     
       33. The method of  claim 31 , further comprising:
 hosting an unmapping mechanism to unmap specified pages on demand from the another guest; 
 receiving, via the unmapping mechanism, the demand to unmap the specified pages; and 
 unmapping, via the unmapping mechanism, the specified pages. 
 
     
     
       34. The method of  claim 31 , further comprising:
 hosting a remapping mechanism to remap unmapped pages; 
 upon securely determining, via the detection mechanism, the policy decision, transitioning execution to the remapping mechanism; 
 remapping, via the remapping mechanism, the unmapped pages as inaccessible; and 
 transitioning, via the remapping mechanism, execution to the detection mechanism. 
 
     
     
       35. The method of  claim 31  further comprising one or more of:
 hosting the at least one detection mechanism, each which may be different from each other, that executes within one or more of the plurality of guest operating system virtual machine protection domains via the separation kernel hypervisor; 
 implementing at least one routine and/or component to prohibit the guest operating system virtual machine protection domains from tampering with, corrupting, and/or bypassing the at least one detection mechanism; and/or 
 executing the at least one detection mechanism while preventing interference, bypassing, corrupting and/or tampering by the plurality of guest operating system virtual machine protection domains; 
 hosting a mechanism to process a page of the virtual machine of a first guest by a second guest; and 
 sending a notification associated with the virtual machine of the first guest to the second guest. 
 
     
     
       36. The method of  claim 35  further comprising:
 hosting an unmapping mechanism to unmap a page of interest; and 
 unmapping, via the unmapping mechanism, the page of interest. 
 
     
     
       37. The method of  claim 36  further comprising:
 hosting a remapping mechanism to remap unmapped pages; 
 transitioning execution to the remapping mechanism; 
 remapping, via the remapping mechanism, the unmapped pages as inaccessible; and 
 transitioning, via the remapping mechanism; execution to the detection mechanism. 
 
     
     
       38. The method of  claim 31 , further comprising:
 implementing a separation kernel hypervisor that ensures isolation of multiple guest operating systems, each guest operating system in its own virtual machine. 
 
     
     
       39. The method of  claim 31 , further comprising:
 implementing a separation kernel hypervisor that implements a mechanism whereby a suitably authorized guest can send a list of memory locations to be watched to another guest. 
 
     
     
       40. The method of  claim 31 , further comprising:
 implementing a separation kernel hypervisor that implements a mechanism whereby a suitably authorized guest can send a message to another guest. 
 
     
     
       41. The method of  claim 31  further comprising:
 implementing the dedicated VAL via software that runs within the same protection domain as the guest virtual machine but is not directly accessible by the guest. 
 
     
     
       42. The method of  claim 31 , further comprising:
 implementing the dedicated VAL such that the dedicated VAL implements a virtual motherboard containing a virtual CPU and memory. 
 
     
     
       43. The method of  claim 31  further comprising:
 implementing the dedicated VAL such that the dedicated VAL implements a mechanism to unmap specified pages on demand from another guest. 
 
     
     
       44. The method of  claim 31 , further comprising:
 implementing the dedicated VAL such that the dedicated VAL processes unmapped page exceptions taken by its associated guest virtual machine. 
 
     
     
       45. The method of  claim 31 , further comprising:
 implementing the dedicated VAL such that the dedicated VAL is configured to pause the execution of its associated guest virtual machine. 
 
     
     
       46. The method of  claim 31 , further comprising:
 implementing the dedicated VAL such that the dedicated VAL is configured to inject a page-not-found exception into its associated guest virtual machine. 
 
     
     
       47. The method of  claim 31 , further comprising:
 implementing the dedicated VAL such that the dedicated VAL is configured to send a notification of the memory access and associated context information to the requesting guest. 
 
     
     
       48. The method of  claim 31  further comprising one or more of:
 hosting a mechanism to unmap specified pages on demand from another guest; processing an unmapped page exception taken by the virtual machine; 
 mapping the previously unmapped page; 
 sending a notification of memory access and associated context information to a requesting guest, wherein the virtual machine comprises a virtual motherboard including a virtual CPU and memory by the VAL; 
 allowing the virtual machine to execute a single instruction; 
 returning control to the VAL; 
 mapping the page as non-existent again; and/or 
 returning control to the virtual machine. 
 
     
     
       49. The method of  claim 48  further comprising:
 configuring a memory management unit such that software in the virtual machine cannot undo the mapping. 
 
     
     
       50. The method of  claim 49  wherein the mapping that cannot be undone comprises remapping or unmapping. 
     
     
       51. The method of  claim 49  wherein the mapping that cannot be undone comprises remapping and unmapping. 
     
     
       52. The method of  claim 31  further comprising:
 hosting a mechanism to unmap specified pages on demand from the another guest; 
 processing an unmapped page exception taken by the virtual machine; 
 pausing an execution of the virtual machine; 
 injecting a page-not-found exception into the virtual machine; and 
 sending a notification of memory access and associated context information to a requesting guest, wherein the virtual machine comprises a virtual motherboard including a virtual CPU and memory by the VAL. 
 
     
     
       53. The method of  claim 31  further comprising:
 hosting the at least one detection mechanism, each which may be different from each other, that executes within one or more of the plurality of guest operating system virtual machine protection domains via the separation kernel hypervisor; and 
 implementing at least one routine and/or component to prohibit the guest operating system virtual machine protection domains from tampering with, corrupting, and/or bypassing the at least one detection mechanism. 
 
     
     
       54. The method of  claim 31  further comprising:
 hosting the at least one detection mechanism, each which may be different from each other, that executes within one or more of the plurality of guest operating system virtual machine protection domains via the separation kernel hypervisor; and 
 executing the at least one detection mechanism while preventing interference, bypassing, corrupting and/or tampering by the plurality of guest operating system virtual machine protection domains. 
 
     
     
       55. The method of  claim 31  further comprising:
 hosting an unmapping mechanism to unmap a page of interest; and 
 unmapping, via the unmapping mechanism, the page of interest. 
 
     
     
       56. The method of  claim 55  further comprising:
 hosting a remapping mechanism to remap unmapped pages; 
 transitioning execution to the remapping mechanism; 
 remapping, via the remapping mechanism, the unmapped pages as inaccessible; and 
 transitioning, via the remapping mechanism; execution to the detection mechanism. 
 
     
     
       57. The method of  claim 31  further comprising:
 hosting a mechanism to unmap specified pages on demand from another guest; processing an unmapped page exception taken by the virtual machine; 
 mapping the previously unmapped page; 
 sending a notification of memory access and associated context information to a requesting guest, wherein the virtual machine comprises a virtual motherboard including a virtual CPU and memory by the VAL; 
 allowing the virtual machine to execute a single instruction; 
 returning control to the VAL; 
 mapping the page as non-existent again; and 
 returning control to the virtual machine. 
 
     
     
       58. The method of  claim 57  further comprising:
 configuring a memory management unit such that software in the virtual machine cannot undo the mapping. 
 
     
     
       59. The method of  claim 58  wherein the mapping that cannot be undone comprises remapping or unmapping. 
     
     
       60. The method of  claim 58  wherein the mapping that cannot be undone comprises remapping and unmapping. 
     
     
       61. A method for processing information securely, the method comprising:
 partitioning hardware platform resources via a separation kernel hypervisor into a plurality of guest operating system virtual machine protection domains; 
 providing a dedicated virtualization assistance layer (dedicated VAL) including a virtual representation of the hardware platform that is a virtual machine in each of the guest operating system virtual machine protection domains such that the dedicated VAL security processing is not performed in the separation kernel hypervisor; 
 processing the virtual machine via another guest; 
 hosting at least one detection mechanism that executes within the virtual hardware platform in each of the plurality of guest operating system virtual machine protection domains via the separation kernel hypervisor; 
 upon detection of suspect behavior, securely transition execution to the detection mechanism within the dedicated VAL in a manner isolated from the guest operating system; 
 securely determining, via the detection mechanism, a policy decision regarding the suspect behavior, wherein the securely determining comprises:
 analyzing the guest operating system and the guest operating system resources' behavior; and 
 processing unmapped page exceptions taken by the guest operating system based on the unmapped pages; and 
 
 transitioning execution back to the separation kernel hypervisor to continue processing regarding enforcement of or taking action in connection with the policy decision; 
 the method further comprising:
 hosting an unmapping mechanism to unmap specified pages on demand from the another guest; and 
 unmapping, via the unmapping mechanism, the specified pages. 
 
 
     
     
       62. The method of  claim 61  further comprising one or more of:
 hosting a mechanism to unmap specified pages on demand from the another guest; 
 processing an unmapped page exception taken by the virtual machine; 
 pausing an execution of the virtual machine; 
 injecting a page-not-found exception into the virtual machine; and 
 sending a notification of memory access and associated context information to a requesting guest, wherein the virtual machine comprises a virtual motherboard including a virtual CPU and memory by the VAL. 
 
     
     
       63. The method of  claim 61 , further comprising:
 hosting an unmapping mechanism to unmap specified pages on demand from the another guest; 
 receiving, via the unmapping mechanism, the demand to unmap the specified pages; and 
 unmapping, via the unmapping mechanism, the specified pages. 
 
     
     
       64. The method of  claim 61 , further comprising:
 hosting a remapping mechanism to remap unmapped pages; 
 upon securely determining, via the detection mechanism, the policy decision, transitioning execution to the remapping mechanism; 
 remapping, via the remapping mechanism, the unmapped pages as inaccessible; and 
 transitioning, via the remapping mechanism, execution to the detection mechanism. 
 
     
     
       65. The method of  claim 61  further comprising one or more of:
 hosting the at least one detection mechanism, each which may be different from each other, that executes within one or more of the plurality of guest operating system virtual machine protection domains via the separation kernel hypervisor; 
 implementing at least one routine and/or component to prohibit the guest operating system virtual machine protection domains from tampering with, corrupting, and/or bypassing the at least one detection mechanism; and/or 
 executing the at least one detection mechanism while preventing interference, bypassing, corrupting and/or tampering by the plurality of guest operating system virtual machine protection domains; 
 hosting a mechanism to process a page of the virtual machine of a first guest by a second guest; and 
 sending a notification associated with the virtual machine of the first guest to the second guest. 
 
     
     
       66. The method of  claim 65  further comprising:
 hosting an unmapping mechanism to unmap a page of interest; and 
 unmapping, via the unmapping mechanism, the page of interest. 
 
     
     
       67. The method of  claim 66  further comprising:
 hosting a remapping mechanism to remap unmapped pages; 
 transitioning execution to the remapping mechanism; 
 remapping, via the remapping mechanism, the unmapped pages as inaccessible; and 
 transitioning, via the remapping mechanism; execution to the detection mechanism. 
 
     
     
       68. The method of  claim 61 , further comprising:
 implementing a separation kernel hypervisor that ensures isolation of multiple guest operating systems, each guest operating system in its own virtual machine. 
 
     
     
       69. The method of  claim 61 , further comprising:
 implementing a separation kernel hypervisor that implements a mechanism whereby a suitably authorized guest can send a list of memory locations to be watched to another guest. 
 
     
     
       70. The method of  claim 61 , further comprising:
 implementing a separation kernel hypervisor that implements a mechanism whereby a suitably authorized guest can send a message to another guest. 
 
     
     
       71. The method of  claim 61  further comprising:
 implementing the dedicated VAL via software that runs within the same protection domain as the guest virtual machine but is not directly accessible by the guest. 
 
     
     
       72. The method of  claim 61 , further comprising:
 implementing the dedicated VAL such that the dedicated VAL implements a virtual motherboard containing a virtual CPU and memory. 
 
     
     
       73. The method of  claim 61  further comprising:
 implementing the dedicated VAL such that the dedicated VAL implements a mechanism to unmap specified pages on demand from another guest. 
 
     
     
       74. The method of  claim 61 , further comprising:
 implementing the dedicated VAL such that the dedicated VAL processes unmapped page exceptions taken by its associated guest virtual machine. 
 
     
     
       75. The method of  claim 61 , further comprising:
 implementing the dedicated VAL such that the dedicated VAL is configured to pause the execution of its associated guest virtual machine. 
 
     
     
       76. The method of  claim 61 , further comprising:
 implementing the dedicated VAL such that the dedicated VAL is configured to inject a page-not-found exception into its associated guest virtual machine. 
 
     
     
       77. The method of  claim 61 , further comprising:
 implementing the dedicated VAL such that the dedicated VAL is configured to send a notification of the memory access and associated context information to the requesting guest. 
 
     
     
       78. The method of  claim 61  further comprising one or more of:
 hosting a mechanism to unmap specified pages on demand from another guest; processing an unmapped page exception taken by the virtual machine; 
 mapping the previously unmapped page; 
 sending a notification of memory access and associated context information to a requesting guest, wherein the virtual machine comprises a virtual motherboard including a virtual CPU and memory by the VAL; 
 allowing the virtual machine to execute a single instruction; 
 returning control to the VAL; 
 mapping the page as non-existent again; and/or 
 returning control to the virtual machine. 
 
     
     
       79. The method of  claim 78  further comprising:
 configuring a memory management unit such that software in the virtual machine cannot undo the mapping. 
 
     
     
       80. The method of  claim 79  wherein the mapping that cannot be undone comprises remapping or unmapping. 
     
     
       81. The method of  claim 79  wherein the mapping that cannot be undone comprises remapping and unmapping. 
     
     
       82. The method of  claim 61  further comprising:
 hosting a mechanism to unmap specified pages on demand from the another guest; 
 processing an unmapped page exception taken by the virtual machine; 
 pausing an execution of the virtual machine; 
 injecting a page-not-found exception into the virtual machine; and 
 sending a notification of memory access and associated context information to a requesting guest, wherein the virtual machine comprises a virtual motherboard including a virtual CPU and memory by the VAL. 
 
     
     
       83. The method of  claim 61  further comprising:
 hosting the at least one detection mechanism, each which may be different from each other, that executes within one or more of the plurality of guest operating system virtual machine protection domains via the separation kernel hypervisor; and 
 implementing at least one routine and/or component to prohibit the guest operating system virtual machine protection domains from tampering with, corrupting, and/or bypassing the at least one detection mechanism. 
 
     
     
       84. The method of  claim 61  further comprising:
 hosting the at least one detection mechanism, each which may be different from each other, that executes within one or more of the plurality of guest operating system virtual machine protection domains via the separation kernel hypervisor; and 
 executing the at least one detection mechanism while preventing interference, bypassing, corrupting and/or tampering by the plurality of guest operating system virtual machine protection domains. 
 
     
     
       85. The method of  claim 61  further comprising:
 hosting an unmapping mechanism to unmap a page of interest; and 
 unmapping, via the unmapping mechanism, the page of interest. 
 
     
     
       86. The method of  claim 85  further comprising:
 hosting a remapping mechanism to remap unmapped pages; 
 transitioning execution to the remapping mechanism; 
 remapping, via the remapping mechanism, the unmapped pages as inaccessible; and 
 transitioning, via the remapping mechanism; execution to the detection mechanism. 
 
     
     
       87. The method of  claim 61  further comprising:
 hosting a mechanism to unmap specified pages on demand from another guest; processing an unmapped page exception taken by the virtual machine; 
 mapping the previously unmapped page; 
 sending a notification of memory access and associated context information to a requesting guest, wherein the virtual machine comprises a virtual motherboard including a virtual CPU and memory by the VAL; 
 allowing the virtual machine to execute a single instruction; 
 returning control to the VAL; 
 mapping the page as non-existent again; and 
 returning control to the virtual machine. 
 
     
     
       88. The method of  claim 87  further comprising:
 configuring a memory management unit such that software in the virtual machine cannot undo the mapping. 
 
     
     
       89. The method of  claim 88  wherein the mapping that cannot be undone comprises remapping or unmapping. 
     
     
       90. The method of  claim 88  wherein the mapping that cannot be undone comprises remapping and unmapping.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.